Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses an SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?
A. Use of OATH between the user and the service and attestation from the company domain B. Use of active directory federation between the company and the cloud-based service C. Use of smartcards that store x.509 keys, signed by a global CA D. Use of a third-party, SAML-based authentication service for attestation
A system administrator is implementing a firewall ACL to block specific communication to and from a predefined list of IP addresses, while allowing all other communication. Which of the following rules is necessary to support this implementation?
A. Implicit allow as the last rule B. Implicit allow as the first rule C. Implicit deny as the first rule D. Implicit deny as the last rule
A security technician would like an application to use random salts to generate short lived encryption keys during the secure communication handshake process to increase communication security. Which of the following concepts would BEST meet this goal?
A. Ephemeral keys B. Symmetric Encryption Keys C. AES Encryption Keys D. Key Escrow
A security administrator must implement a wireless encryption system to secure mobile devices’ communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?
A. RC4 B. AES C. MD5 D. TKIP
Correct Answer: A Section: Cryptography
RC4 is popular with wireless and WEP/WPA encryption. It is a stream cipher that works with key sizes between 40 and 2048 bits, and it was used in SSL and TLS. Note that RC4 is now considered broken; its use in TLS is prohibited by RFC 7465, so it is only a fit for the legacy 56-bit devices this question describes.
B: AES supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the
current product used by U.S. governmental agencies.
C: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most
common are MD5, MD4, and MD2. MD4 was used by NTLM (discussed in a moment) to compute the NT Hash. MD5 is the newest version of the algorithm. It produces a 128-bit hash.
D: To strengthen WEP encryption, a Temporal Key Integrity Protocol (TKIP) was employed. This placed a 128-bit wrapper around the WEP encryption with a key that is based on
things such as the MAC address of the destination device and the serial number of the packet.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 171, 250, 251, 255
Which of the following relies on the use of shared secrets to protect communication?
A. RADIUS B. Kerberos C. PKI D. LDAP
Correct Answer: A Section: Access Control and Identity Management
RADIUS obfuscates the User-Password attribute by XORing it with MD5 hashes computed over the shared secret and the Request Authenticator (RFC 2865, section 5.2); the same shared secret is also used to authenticate server responses. The secret is never sent on the wire, but anyone who knows it can recover every password sent between that client and server.
B: Kerberos works on the basis of ‘tickets’ to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
C: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
D: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information
services over an Internet Protocol (IP) network.
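The shared-secret mechanism described above, as an added example (this is not code from the cited study guides). It implements the User-Password hiding from RFC 2865 section 5.2 in both directions, and then shows the check a practitioner should make on a RADIUS client: if the 16-byte Request Authenticator is ever reused, the MD5 pad repeats and an eavesdropper who knows one password under that authenticator can strip the first block of any other. The secret, authenticator and passwords used below are constructed values.

```python
import hashlib
import os


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad the password to a multiple of 16 with NULs, then
    c1 = p1 XOR MD5(secret + RequestAuthenticator),
    cN = pN XOR MD5(secret + c(N-1)).  Returns the concatenated c1..cN."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def reveal_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: each pad depends on the previous *ciphertext* block, so the
    chain is simply replayed; trailing NUL padding is stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def pad_reuse_attack(secret: bytes, authenticator: bytes, victim_password: bytes) -> bytes:
    """Eavesdropper model: the Request Authenticator travels in the clear, the
    attacker knows one password sent under it (their own) and captures a second
    Access-Request that reused the SAME authenticator.  The first 16-byte pad
    MD5(secret + RA) is recovered without the secret and applied to the victim's
    first block.  The secret is only used here to simulate both legitimate clients."""
    known_pt = b"my-own-password"                      # attacker's own credential (constructed)
    known_ct = hide_user_password(known_pt, secret, authenticator)
    pad = _xor(known_ct[:16], known_pt.ljust(16, b"\x00"))   # == MD5(secret + RA)
    victim_ct = hide_user_password(victim_password, secret, authenticator)
    return _xor(victim_ct[:16], pad).rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"testing123"                   # constructed shared secret
    ra = os.urandom(16)                      # what a correct client does: fresh per request
    hidden = hide_user_password(b"hunter2", secret, ra)
    print(hidden.hex(), reveal_user_password(hidden, secret, ra))
    print(pad_reuse_attack(secret, ra, b"Tr0ub4dor&3"))   # works only because RA was reused
```

The defensive takeaway is in the last call: the obfuscation is only as strong as the uniqueness of the Request Authenticator and the secrecy of the shared secret, which is why RADIUS over an untrusted network should be tunnelled (IPsec or RadSec/TLS) rather than relied on alone.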
Which of the following MOST interferes with network-based detection techniques?
A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts
Correct Answer: B Section: Application, Data and Host Security
Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be
inspected for anomalies by network-based intrusion detection systems (NIDS).
A: Multi-Purpose Internet Mail Extensions (MIME) encoding is used in email messages to allow messages to be sent in formats other than ASCII text. Email messages are handled by
host-based intrusion detection systems (HIDS).
C: File Transfer Protocol (FTP) is an inherently insecure protocol that does not use any form of encryption, making it easy to inspect for anomalies.
D: Email messages are handled by host-based intrusion detection systems (HIDS).
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 268
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 8, 12-13
A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?
A. Penetration testing B. WAF testing C. Vulnerability scanning D. White box testing
Correct Answer: C Section: Threats and Vulnerabilities
Vulnerability scanning has minimal impact on network resources because it is non-intrusive: it identifies known weaknesses without attempting to exploit them, which the exam treats as "passive" in contrast to penetration testing.
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk
assessment and the necessary actions taken to resolve any vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be
exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat
agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of
the findings that an individual or an enterprise can use to tighten the network’s security.
A: Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test
(reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security
awareness and the organization’s ability to identify and respond to security incidents.
Penetration testing is considered 'active' because you are actively trying to circumvent the system's security controls to gain access to the system, as opposed to vulnerability scanning, which
is considered passive (non-intrusive). A non-intrusive scan minimizes the risk of system failures on outdated, crash-prone hosts.
B: WAF Testing is the process of testing web application firewalls. This is a specific test; it does not test general network resources for security flaws.
D: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or
workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to
design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit
White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being
done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems
during a system–level test. Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing
requirements. White-box testing is used for testing applications. It is not used to identify security issues in a network.
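The "database of known flaws" mechanism described above, as an added example (not code from the study guide or from any real scanner). It shows the non-intrusive core of a vulnerability scanner: service banners are parsed and compared against a flaw database, and matches are reported, but nothing is ever sent that could crash the target. The banners and the flaw entries are constructed for the example; they are not real products or CVEs. The caveat a practitioner should keep in mind is also visible in the code: a version-string match cannot see backported fixes, so every finding is a candidate for the risk assessment, not a confirmed exploitable hole.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class KnownFlaw:
    product: str
    fixed_in: tuple            # first version that carries the fix
    port: Optional[int]        # service port the flaw applies to; None = any port
    description: str


# Constructed flaw database for the example; these are not real CVEs.
FLAW_DB = (
    KnownFlaw("ExampleHTTPd", (2, 4, 10), 80, "request smuggling, fixed in 2.4.10"),
    KnownFlaw("ExampleHTTPd", (2, 4, 12), 80, "TLS renegotiation DoS, fixed in 2.4.12"),
    KnownFlaw("ExampleFTPd", (1, 3, 5), None, "anonymous write enabled by default before 1.3.5"),
)

# One banner record per line: "<host>:<port> <Product>/<version>[ extra text]"
BANNER_RE = re.compile(
    r"^(?P<host>[\w.-]+):(?P<port>\d{1,5})\s+(?P<product>[A-Za-z]+)/(?P<ver>\d+(?:\.\d+)*)"
)

# Constructed sample banners, as a banner-grab stage would have collected them.
SAMPLE_BANNERS = [
    "web1.example.test:80 ExampleHTTPd/2.4.9 (Unix)",
    "web2.example.test:80 ExampleHTTPd/2.4.12",
    "files.example.test:21 ExampleFTPd/1.3.5",
    "files.example.test:2121 ExampleFTPd/1.2.0",
    "this line is not a banner and is skipped",
]


def parse_version(text: str) -> tuple:
    """'2.4.9' -> (2, 4, 9); tuples compare component-wise, so (2, 4, 9) < (2, 4, 10)."""
    return tuple(int(part) for part in text.split("."))


def scan_banners(banner_lines):
    """Match each parsed banner against FLAW_DB.  Read-only: no exploit traffic."""
    findings = []
    for line in banner_lines:
        m = BANNER_RE.match(line.strip())
        if not m:
            continue                                   # unparseable banner: no claim made
        host, port, product = m["host"], int(m["port"]), m["product"]
        version = parse_version(m["ver"])
        for flaw in FLAW_DB:
            if flaw.product != product:
                continue
            if flaw.port is not None and flaw.port != port:
                continue                               # flaw is scoped to a specific service port
            if version < flaw.fixed_in:
                findings.append({
                    "host": host, "port": port, "product": product,
                    "version": m["ver"], "issue": flaw.description,
                    # version matching cannot see vendor backports; verify before acting
                    "confidence": "version-match, unverified",
                })
    return findings


def hosts_at_risk(findings):
    """Distinct host:port pairs with at least one finding, sorted for the report."""
    return sorted({f"{f['host']}:{f['port']}" for f in findings})


if __name__ == "__main__":
    for f in scan_banners(SAMPLE_BANNERS):
        print(f"{f['host']}:{f['port']} {f['product']}/{f['version']} - {f['issue']} ({f['confidence']})")
```

Contrast this with a penetration test: the tester would take the web1 finding and actually send a smuggled request, which is exactly the step the company in the question wants avoided on fragile systems.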
A security administrator discovered that all communication over the company’s encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employee’s credentials. Which of the following technology is MOST likely in use on the company’s wireless?
A. WPA with TKIP B. VPN over open wireless C. WEP128-PSK D. WPA2-Enterprise
Correct Answer: C Section: Threats and Vulnerabilities
WEP’s major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that’s transmitted. But the fact that packets are encrypted doesn’t prevent them from being intercepted, and due to some esoteric technical flaws it’s entirely possible for an eavesdropper to intercept enough WEP-encrypted packets to eventually deduce what the key is.
This problem used to be something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this because changing WEP keys is inconvenient and time-consuming because it has to be done not just on the router, but on every device that connects to it. As a result, most people just set up a single key and then continue using it ad infinitum.
Even worse, for those that do change the WEP key, new research and developments reinforce how even changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of ‘cracking’ a WEP key used to require that a malicious hacker intercept millions of packets plus spend a fair amount of time and computing power. Researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP-protected network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three seconds.
A: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturers' wireless equipment. WPA is a much improved encryption standard that delivers a level of security beyond anything that WEP can offer. It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded through corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations and re-keying of global encryption keys is required. The encryption key is changed after every frame using TKIP. This allows key changes to occur on a frame by frame basis and to be automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is compatible with many older access points and network cards.
WPA with TKIP is considered more secure than WEP.
B: It's very unlikely that each computer connected to the wireless access point is configured to use a VPN connection. Furthermore, VPN connections are secure.
D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of assurance that only authorized users can access their wireless networks. WPA2 is based on the IEEE 802.11i standard and provides government grade security. 802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). There are two versions of WPA2:
WPA2 Personal and WPA2 Enterprise. WPA2 Personal protects unauthorized network access by utilizing a setup password. WPA2 Enterprise verifies network users through a server.
WPA2 is much more secure than WEP.
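The static-key weakness behind the correct answer, as an added example (not code from the study guide or the research it cites). WEP seeds RC4 with a 24-bit IV sent in the clear followed by the shared static key, so any two frames that carry the same IV are encrypted with the same keystream. The block below contains a toy RC4 written for this example, a model of WEP frame encryption (the CRC-32 ICV is omitted because it does not affect the point), and the eavesdropper's step: with one known plaintext (real WEP data frames start with a fixed LLC/SNAP header, which is why this is practical) and a second frame under the same IV, the other frame is decrypted without the key. The key, IV and frame contents are constructed. It also computes how few frames the birthday bound predicts before an IV repeats.

```python
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Toy RC4 (KSA + PRGA) written for this example; WEP seeds it with IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Model of a WEP frame body: 3-byte IV in the clear, then RC4(IV || key) applied
    to the payload.  The 4-byte CRC-32 ICV is left out; it does not change the
    keystream-reuse problem shown here."""
    if len(iv) != 3 or len(static_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    return iv + xor(plaintext, rc4_keystream(iv + static_key, len(plaintext)))


def wep_decrypt(static_key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    return xor(ct, rc4_keystream(iv + static_key, len(ct)))


def recover_via_iv_reuse(known_frame: bytes, known_plaintext: bytes, target_frame: bytes):
    """Eavesdropper with no key: XOR the known frame's ciphertext with its plaintext
    to get the keystream, then strip it off any other frame that carries the same
    IV.  Returns the decrypted target (as far as the known keystream reaches), or
    None when the IVs differ and the keystreams are unrelated."""
    iv_a, ct_a = known_frame[:3], known_frame[3:]
    iv_b, ct_b = target_frame[:3], target_frame[3:]
    if iv_a != iv_b:
        return None
    keystream = xor(ct_a, known_plaintext)
    return xor(ct_b[:len(keystream)], keystream)


def frames_to_50pct_iv_collision(iv_bits: int = 24) -> int:
    """Birthday bound: roughly sqrt(2 * N * ln 2) frames before two share an IV."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))


# Constructed sample data: a WEP-104 key, one IV, and two frames that reuse it.
KEY = bytes.fromhex("0123456789abcdef0123456789")
IV = b"\x00\x00\x2a"
LLC_SNAP_IP = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"      # fixed prefix of every IP data frame
KNOWN_PT = LLC_SNAP_IP + b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"
TARGET_PT = LLC_SNAP_IP + b"POST /login user=alice&pw=hunter2"

if __name__ == "__main__":
    known_frame = wep_encrypt(KEY, IV, KNOWN_PT)
    target_frame = wep_encrypt(KEY, IV, TARGET_PT)
    print("recovered without key:", recover_via_iv_reuse(known_frame, KNOWN_PT, target_frame))
    print("frames to a 50% IV collision:", frames_to_50pct_iv_collision())
```

On a busy network a few thousand frames is seconds of traffic, and on top of IV reuse the RC4 key-scheduling weaknesses exploited by the research quoted above recover the static key itself; TKIP's per-frame key mixing and WPA2's AES-CCMP exist precisely to remove this reuse.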